Project developed during an internship in the SOC division of Yarix Srl, a cybersecurity company.
In this company The Hive Project is used to manage all security events raised by the monitoring systems installed in the clients' networks. The main page of this open source platform lists thousands of cases, each containing a single dangerous event that needs to be checked by a security technician. Every case has a dedicated page where it is possible to insert a TTP (Tactics, Techniques and Procedures) taken from the MITRE ATT&CK framework.
There were two requests for this activity:
- Create a web API used to request all the MITRE categories related to a specific alert (and to update the database with new alerts or new alert-TTP relations)
- Create a web interface to modify alert-TTP relations (it needed to be easy to use in order to simplify the technicians' work)
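As an added illustration of the first request (this is example code, not part of the project), the following sketches the alert-TTP relation store behind such an API, using the standard sqlite3 module instead of MySQL; the table layout, the technique-ID format check and the sample alert names are assumptions:

```python
import re
import sqlite3

# Assumed ATT&CK technique ID shape (e.g. T1059 or sub-technique T1059.001);
# this check is an assumption of the example, not a rule from the project.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Assumed minimal schema: one alert row, many (alert, technique) relations.
SCHEMA = """
CREATE TABLE alert (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE alert_ttp (
    alert_id  INTEGER NOT NULL REFERENCES alert(id),
    technique TEXT    NOT NULL,
    PRIMARY KEY (alert_id, technique)   -- same relation cannot be stored twice
);
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def add_relation(conn, alert_name, technique):
    """Link an alert to a technique, creating the alert if it is new.
    Idempotent: repeating the call does not duplicate the relation."""
    if not TECHNIQUE_ID.match(technique):
        raise ValueError(f"not an ATT&CK technique id: {technique!r}")
    conn.execute("INSERT OR IGNORE INTO alert(name) VALUES (?)", (alert_name,))
    (alert_id,) = conn.execute(
        "SELECT id FROM alert WHERE name = ?", (alert_name,)).fetchone()
    conn.execute("INSERT OR IGNORE INTO alert_ttp(alert_id, technique) VALUES (?, ?)",
                 (alert_id, technique))
    conn.commit()
    return alert_id


def techniques_for_alert(conn, alert_name):
    """The read side of the API: sorted technique ids linked to one alert name."""
    rows = conn.execute(
        "SELECT t.technique FROM alert_ttp t JOIN alert a ON a.id = t.alert_id "
        "WHERE a.name = ? ORDER BY t.technique", (alert_name,)).fetchall()
    return [r[0] for r in rows]
```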
There are two folders: one for database management (classes, utility functions, ...), the other for the web functionalities (API and web interface).
The Images folder contains all the screenshots showing the web interface, an example of request and response, and the expected results. More specifically, there are:
- Main page
- Display of the whole MITRE Enterprise framework and of a single MITRE category
- Page to create alert-TTP relations
- Table displaying existing relations
- Tools page
- Error main page
- WebAPI request-response example with Postman
- The resulting TTP page of a test case (The Hive Project)
- Relations table
There isn't real documentation for this project, since it wasn't required by the supervisor. Every file contains comments explaining the features and the reasoning behind the code.
The only document written and uploaded here describes the DB structure and its constraints.
- MySQL & MySQL Workbench
- Python & Flask (Jinja)
- HTML, CSS & JavaScript
- PyCharm & Git